
Q & A

 

Author Q&A: Former privacy officer urges leaders to prioritize security as part of cloud migration

By Byron V. Acohido

Cyber threats have steadily intensified each year since I began writing about privacy and cybersecurity for USA TODAY in 2004.

Related: What China’s spy balloons portend

A stark reminder of this relentless malaise: the global cybersecurity market is on a steady path to swell to $376 billion by 2029, up from $156 billion in 2022, according to Fortune Business Insights.

Collectively, enterprises spend a king’s ransom many times over on cyber defense. Yet all too many companies and individual employees still lack a full appreciation of the significant risks they, and their organizations, face online. And as a result, many still do not practice essential cyber hygiene.

Perhaps someday in the not-too-distant future that may change. Our hope lies in leveraging machine learning and automation to create very smart and accurate security platforms that can impose resilient protection.

Until we get there – and it may be a decade away – the onus will remain squarely on each organization – and especially on individual employees – to do the wise thing.

A good start would be to read Mobilizing the C-Suite: Waging War Against Cyberattacks, written by Frank Riccardi, a former privacy and compliance officer from the healthcare sector.

MY TAKE: DigiCert and Oracle partner to extend digital trust and scalable infrastructure globally

By Byron V. Acohido

One meeting I had at RSA Conference 2023 was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust.

Related: Centralizing control of digital certificates

I had the chance to sit down with Deepika Chauhan, DigiCert’s Chief Product Officer, and Mike Cavanagh, Oracle’s Group Vice President, ISV Cloud for North America. They walked me through a partnership that gives their joint customers the option to deploy Oracle Cloud Infrastructure (OCI) combined with DigiCert ONE. Here are a few of my takeaways:

Seeds of the partnership

In 2017, DigiCert acquired and commenced reviving Symantec’s PKI business. This was all part of the Lehi, Utah-based vendor’s efforts to support enterprise cloud migration and the rise of IoT systems, which were both gaining steam.

This ultimately resulted in the 2020 rollout of DigiCert ONE, a new platform of tools and services aimed at “embedding digital trust across the board within the enterprise and between all parts of the cloud ecosystem,” Chauhan says.

Back in Silicon Valley, Oracle was playing catch-up. Amazon had introduced Amazon Web Services in 2006 and Microsoft Azure became commercially available in 2010. Oracle launched OCI in October 2016.

SHARED INTEL Q&A: Bi-partisan report calls for a self-sacrificing approach to cybersecurity

By Byron V. Acohido

A new report from the Bipartisan Policy Center (BPC) lays out – in stark terms – the prominent cybersecurity risks of the moment.

Related: Pres. Biden’s impact on cybersecurity.

The BPC’s Top Risks in Cybersecurity 2023 analysis calls out eight “top macro risks” that frame what’s wrong and what’s at stake in the cyber realm. BPC is a Washington, DC-based think tank that aims to revitalize bipartisanship in national politics.

This report has a dark tone, as well it should. It systematically catalogues the drivers behind cybersecurity risks that have steadily expanded in scope and scale each year for the past 20-plus years – with no end yet in sight.

Two things jumped out at me from these findings: there remain opportunities and motivators aplenty for threat actors to intensify their plundering; meanwhile, industry and political leaders seem at a loss to buy into what’s needed: a self-sacrificing, collaborative approach to systematically mitigating a profoundly dynamic, potentially catastrophic threat.

Last Watchdog queried Tom Romanoff, BPC’s technology project director, about this analysis. Here’s the exchange, edited for clarity and length:

AUTHOR Q&A: China’s spy balloons reflect a cyber warfare strategy America must counter

By Byron V. Acohido

The attack surface of company networks is as expansive and porous as ever.

Related: Preparing for ‘quantum’ hacks

That being so, a new book, Fixing American Cybersecurity, could be a long overdue stake in the ground.

This is a well-reasoned treatise collaboratively assembled by board members of the Internet Security Alliance (ISA). Laid out in two parts, Fixing American Cybersecurity dissects the drivers that got us here and spells out explicitly what’s at stake. It also advocates a smarter, more concerted public-private partnership as the core solution.

Part one of the book catalogues how cyber criminals and US adversaries have taken full advantage of systemic flaws in how we’ve come to defend business and government networks. Part two is comprised of essays by CISOs from leading enterprises outlining what needs to get done.

I had the chance to query Larry Clinton, ISA’s president and CEO, about the main themes laid out in Fixing American Cybersecurity. ISA is a multi-sector trade group focused on policy advocacy and developing best practices for cybersecurity.

We discussed this book’s core theme: a fresh set of inspired public-private strategies absolutely must arise and gain full traction, going forward, or America’s strategic standing will never get healed.

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

By Byron V. Acohido

After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms.

Related: The crucial role of ‘Digital Trust’

After numerous delays and course changes, the Matter protocol is set to roll out this fall, in time for the 2022 holiday shopping season. To start, seven types of smart home devices will be capable of adopting the Matter protocol, and thus get affixed with a Matter logo.

Matter is intended to foster interoperability of smart home devices – so a homeowner can stick with just one voice assistant platform and have the freedom to choose from a wide selection of smart devices sporting the Matter logo.

What this boils down to is that a consumer living in a smart home filled with Matter devices would no longer be forced to use Amazon’s Alexa to control some devices, while having to switch to Apple’s Siri, Google’s Assistant or Samsung’s SmartThings to operate other devices. No surprise: Amazon, Google, Apple and Samsung are the biggest names on a list of 250 companies supporting the rollout of Matter.

The qualifying types of smart home devices, to start, include light bulbs and switches; smart plugs; smart locks; smart window coverings; garage door openers; thermostats; and HVAC controllers. If all goes smoothly, surveillance cams, smart doorbells and robot vacuums would soon follow.

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

By Byron V. Acohido

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised.

Related: VPNs vs ZTNA

Now come hard metrics quantifying the scope of this phenomenon. They are in the findings of a deep-dive data analytics study led by Surfshark, a supplier of VPN services aimed at the consumer and SMB markets.

Surfshark partnered with a number of independent cybersecurity researchers to quantify the scope and pattern of data breaches over the past couple of decades. For this study, a data breach was defined as an intruder copying or leaking user data such as names, surnames, email addresses, passwords, etc. Much of the hard evidence came from correlating breached databases sitting in the open Internet.

Data scientists sorted through 27,000 leaked databases and created 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.

The data analytics show:

• A total of 2.3 billion U.S. accounts have been breached so far. The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread).

• More than two-thirds of American accounts are leaked with the password, putting breached users in danger of account takeover.

Q&A: The lesser role VPNs now play for enterprises, SMBs — in a post-pandemic world

By Byron V. Acohido

During the first two decades of this century, virtual private networks (VPNs) served as a cornerstone of network security.

Related: Deploying human sensors

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe.

This worked extremely well for users accessing network resources remotely via their company-issued laptops and immobile home computers. However, VPN pipes have become less efficient with the rising use of personally owned mobile devices and increasing reliance on cloud-centric IT resources.

The sudden spike in work-from-home scenarios due to Covid-19 quarantining accelerated this trend. I had the chance to ask Chris Clements, vice president of solutions architecture at Cerberus Sentinel,